Google TV Or: How I Learned to Stop 
Worrying and Exploit Secure Boot 







GTVHacker: The Team 


• GTVHacker is a group of 6 hackers 
with individual skill sets who work 
together to unlock Google TV devices. 

• Our primary goal is to bypass 
hardware and software restrictions to 
allow for unsigned kernels to be 
loaded and used. 

• To date the team has released 
multiple methods for unlocking 
Google TV devices. 

• The GTVHacker team won a $500 
bounty for being the first to root the 
Google TV. 

• We hack things because we believe in 
http://DC2i.GTVH@^e.Fptand free hardware. Our current 2 







Members 



Mike Baker ([mbm])- Firmware developer 
and co-founder of OpenWRT 

Hans Nielsen (AgentHH)- Senior Security 
Consultant at Matasano 

CJ Heres (cj_000) - IT Systems Manager 

gynophage - He's running that big ole 
DEFCON CTF right now 

Tom Dwenger (tdweng)- Excellent with 
APK reversing and anything Java 

Amir Etemadieh (Zenofex) - Research 
Scientist at Accuvant LABS, founded 
GTVHacker 
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What's the Google TV? 

• Google TV is a platform that: 

o Bridges the gap between your TV and an 
Android device. 

o Creates an overlay on television stream and 
also contains an IR transmitter to transmit to 
media center devices (cable box, TV, sound 
system). 

o Receives over-the-air updates automatically 
from OEM manufacturers. 

o Contains a forked version of Chrome with all 
plugins and extensions disabled. 

o Was originally released without the Android 
Market available but was eventually updated to 
include it. 

h^ : //[prwfd^kgr boiilt-in Flash Player, however most 

the Google 





Google TV 








Why We Hack It 


/ 


V 


Just a few reasons why we targeted 
the platform: 

• Locked bootloader 

• Heavily restricted kernel 
preventing user modifications 

• Generation 1 EOL 

• Crippled Flash Player 

In short, the Google TV devices are 
locked down and crippled by their 
limitations. Our goal is to change 
that. 
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Last Year 



They released devices... We hacked them all. 

Let's make this quick so we can get to the exploits! 
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Generation 1 Hardware 


Logitech Revue 


NSZ-GT1 


NSZ- 
[24-46]GTl 

Extremely limited number of devices compared to second 

generation. 

First generation has been discontinued. 
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Recap of Generation 1 Exploits 


Logitech Revue 

o Root UART 

o /dev/devmem (Dan 
Rosenberg) 



Sony NS[X|Z]-[24-46]GTl 
o Downgrade nodev bug 
o Recovery LCE 


o 


kexec as module 



o 


Unsigned Kernel^. 
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Along the way: Chrome Flash Player 

Modification 

Hulu and other sites check the Flash Player version string on 

the box, preventing access. 


From: 


09969F52 69 6E 3A 00 4| 

00969F63^^^H 00 50 6C 75 67 49 6E 00 35 2E 31 00 25 32 


in: . || 

I. Plugin.5.1.%2 


00969F52696E3A 00 

00969F63^^^H 00 50 6C 75 67 49 6E 00 35 2E 31 00 25 32 


in: 


Plugin.5.1.%2 


This simple change teamed with modifying the browser user- 
agent results in a Content Block Bypass on all blocked sites. 
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Logitech's Secret Message to Us 



Zenof ex 
cj.OOO 
craigcJroid 


resno 

tdweng 



“@gtvhackers congratulations if your [sic] reading this 
please post a note on your forum to let me know ;)” 
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Boxee Box 


We disclosed an exploit for Boxee at last year's DefCon 

• Software LCE 

• Hardware Root UART (under 
some VIA's) 

• Spawned Boxee+ Community 

• Modifications based off our 
root that extend the life and 
functionality of the Boxee Box 

• 308,128 Views since 
December, 2012 

• STILL VULNERABLE :) 

TL;DR We dropped an exploit at DEFCON 20, the community 
responded. Keep up the awesome work Boxee community. 
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The Next Generation... 
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Generation 2 Hardware 


am- H S 


Ujggifc l.jjj IP ^ 


B V H 


LG U + 


Asus Cube 


LG 47/55G2 & 
G3 


Netgear Sony NSZ-GS7/GS8 Hisense Pulse Vizio Co- 

Prime Star 

Similar hardware design throughout most of the generation 
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Generation 2 



• Marvell 88DEB100 based 

• ARM - Dual 1.2GHz processors 

• Dubbed the “Armada 1500” 

• On-die Crypto processor, 
separate memory 

• Secure Boot from ROM via RSA 
and AES 

http://DC21.GTVHacker.com 14 
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Marvell Armada 1500 (88DE3100) 




Secure Boot 
ROM 


SDIO x2 

UART x3 

TWSI x4 

GPIO and 
PWM 

SATA 3.0 

Fast Ethernet 
PHY 

Fast Ethernet 
w/SMII 81 TMII 

USB 2.0 Host 

USB 2.0 OTG 


gill 


NAND/NOR Flash 



Dual Core 
PJ4b-SMP 
Super-scalar 
2.61 DMIPs/ 
MHz/Core 
ARM v6/7 


32 I/D 
LI Cache 




ARM Neon 
with 

FPU v3.0 


WMM x2 


3D Graphics 
GC1000 Core 


Security Engine OTP, 
RNG, AES/(3), DES, 
RSA, SHA-1, MD5 



TS Processor 
PID Section Filter 
De-multiplexing 
AES/(3) DES, 
Multi-2, CSS, CSA 


Qdeo- 
Video Post 
Processing 


VMeta™ Video 
CODEC 
H.264 AVC/ 
MVC VC-1, 
MPEG 2/4 
H.263, RV8/9, 
VP6/8, AVS 
H.264HP 
Encode 


Front Panel Controller and Power Management 
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JTAG Debug 
Port w/ARM 
Core Sight 


HDMI TX 
vl.4 


Dual Link 
LVDS Tx 

4 Video 
DACs 

Stereo 
Audio DACs 

7.1 I 2 S and 
S/PDIF Tx 

7.1 I 2 S and 
S/PDIF Rx 


Digital 
Video In 


Serial 
Transport 
Input x2 
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Chain of Trust 

Chain of Trust Placeholder 
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Platform Information 



• Android 3.2 

o No public vulnerabilities 
work 

• Not a Bionic libc 

o No Android native libraries 
supported* 

• Gen 1: Intel CE4150 

o Single Core Atom ~1.2GHz 

• Gen 2: Marvell Armada 1500 

o Dual Core ARM ~1.2GHz 
each 

• Android 4.2.2 incoming for 
Gen 2 


http://DC2i.GTVHacker.ftm Adds Native Libraries, 

n: ^ M ^ i: ^ 
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Sony NSZ-GS7/GS8 

• 8GB EMMC Flash 

• Best remote 

• Larger form factor 
o Internal PSU 
o Built in IR blasters 

• $199 

Same box as the GS7, but with a voice search remote 
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Vizio Co-star 



• Small form factor 

• No Voice Search 

• Custom Launcher 

• $99 MSRP 

• Updates are encrypted via 
Update Logic 

o Common in all Vizio 
devices 
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Hisense Pulse 



• 2nd Best Remote 

• Launched with ADB 
running as root 

o Patched shortly after 

• $99 MSRP 
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Hisense Pulse Root 


• Teardown showed a root 
shell over UART 

• ro.debuggable=l 

• adb root was all it needed! 

• Released a script that 
disabled updates and 
installed our Chrome Flash 
Modification 

We'll have a select number of 



USB to TTL adapters available at the 
Q&A 
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Netgear NeoTV Prime 


• Horrible Remote 

• $129 MSRP 

• Two exploits 
o One real 

o One oversight 
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Netgear NeoTV Prime Root 

Prime auto-spawned a console as the root user over UART 

regardless of the security setting. 

### force to create a console no matter what ### 
on property: ro .secure=0 
start console 
on property: ro .secure=l 
start console 


Factory backdoor in the “testmode” service. 
Allowed for execution of code from USB as root. 
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GTVHacker Netgear NeoTV Prime Root Exploit 


Netgear NeoTV 
Prime Boots 


Check 

persist.radio. testmode, enabled? 



CO 




A 


Extract "test_mode.tgz" from USB drive to /tmp 


Is there a USB Drive? 


Does /tmp/test_mode/test_mode.sh exist? 


c 


Yes 


CO 


Run 

/tmp/test_mode/test_mode.sh 
as root 


Does ".testmode" exist, and 
does it contain 
"testmodemark"? 



c 


Yes 



Install Superuser, Flash Bypass, 
Set persist.radio.testmode.enabled=1 
and reboot 


Set 

persist.radio.testmode.enabled=1 
and reboot 
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Asus CUBE 
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• Same generation 2 
hardware 

• Bad Remote 

• $139 MSRP 












CubeRoot 



y/iS L5 


1 3 //5U5 


hf Main Menu 

Patching your Cube 

1 JDJ Main Menu 

Root your Cube 

•yf Root Me 

Why Patch: 

1 The GTVHacker team understands that some users are concerned with the security 
_J implications of an application having the ability to perform unauthorized actions to your 

Root Me ~ 

Patch Me 

^ 4 , Patch Me 

What is CubeRoot: 

CubeRoot is a software root for the newly released ASUS Cube. This application exploits a 
'Local Command Execution' bug within world writable unix domain socket. 

We leverage this to perform the following: 

Install SuperSu, and the su binary 

Mutate the Flash Playerversion in Chrome allowing sites like Hulu 
without being blocked 

Warning: Pressing the button below will root your device! 

This will take about 30 seconds and may appear to freeze. 

ENGAGE! 

Twitter 

About 

device. 

To help ease the minds of these individuals and because we can, we have added 
functionality to our app to patch the very bug that is being exploited in the Root Me 
section of this app. 

If you would like to patch your device from this vulnerability press the button below. 

Warning: You will no longer be able to root this device with this bug. 

PATCH ME! 

& Twitter 

About 



May 17, 2013 
1.71MB 


Try again later. 


Description 

Auto exploits and patches your Asus Cube from an App! 
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CubeRoot 



• Exploited a helper app (oplayhelper) via a world writable 
socket 


• Helper application passed un-sanitized input to the mount 
command resulting in LCE 

o We triggered the vulnerability from within an Android 
















CubeRoot 



IpaiJs 

jjf Main Menu 

Root your Cube 

Root Me 


“ What Is CubeRoot: 

^ Patch Me 

CubeRoot is a software root for the newly released ASUS Cube. This appfcatkm exploits a 
local Command Execution' bug within work) writable una domain socket. 

^ Twitter 

We leverage this to perform the following: 

About 

Install SuperSu, and the su binary 

Mutate the Rash Player version in Chrome allowing sites like Huku 
without being blocked 

Warning: Pressing the button below will root your device! 

This will take about 30 seconds and may appear to freeze. 

ENGAGE! 


Also patches the exploit, to prevent evil 
apps 

Pulled by Google - get it at 
GTVHacker.com 
o Downloaded ## boxes 
o Rooted ## boxes (Included 1 eng 
build) 

o Listed in iGooglerPlay store for 6 days 














One Root to Rule Them All 
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Magic USB 

• Recall our past exploits with file system nodes and block 
devices? 

o In the first generation of GoogleTV devices, our original "4 
usb recovery exploit" leveraged a USB device improperly not 
mounted "nodev" 

o That was only two very similar devices. 

What about something a bit bigger? 

http://DC21.GTVHacker.com 


30 





Magic USB 


All Google TV's and some other Android devices are vulnerable 
o Certain specific Linux boxes too! 


void mounts NTFS partitions without “nodev” 
A little known “feature” of NTFS is that it supp 
Linux block / character devices 



mhb 
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Magic USB > / \_ j > 

• NTFS Drive + Block Device 

o Read / Write on any box, any partition. 

• Easy root, on every single box! 
o Dump boot.img 

o Patch init.rc or default.prop to ro.secure=0 
o Write it back (as a user, no root needed) 
o Reboot, you are rooted - win! 
o Sony boxes require an additional step 
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OOOHHHH YEAH 
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Hardware Mods / Exploits 







Sony NSZ-GS7 with EMMC->SD and SATA Mods 
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LG 47/55G2 


Dual Core ARM L9 
o aka LG1152 
Signed Everything 
o Even the splash! 

Our “White Whale” 
o Why spend$IK? 
o Next best thing 

■ Power supply and 
Mobo 


‘SMART 


3:02 PM 




u 






'll' 
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LG 47/55G2 Root 


• Hardware Root! 
o EMMC Flash 

■ EMMC 

■ MMC 

■ SD 

• All fall back to SPI mode 
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LG 47/55G2 Root 
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LG 47/55G2 Root 



partinfo at 0x100000. 


Take the filename, count 
back 6 bytes and byteswap 
- your location. 

/system is at 122,159,104 


mount -text4 - 
o,skip=122159104 /dev/ 
sdXX /mnt/system 
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LG 47/55G2 Root 



on boot 


• Root FS is a signed 

# Fix system date if necessary, 
exec /system/bin/fixdate 


squashfs image 



• Init script calls: / 

# TODO: remove an unnecessary comment. 

# Init osd0 for fast-boot 


system/vendor/bin/ 

setprop debug.sf.nobootanimation 1 


init_forcestripped.sh 

write /proc/lg/fbdev/scrclear "0" 
start init osd0 


• Mount, edit to spawn 



telnet, root shell over 

# TODO: remove an unnecessary comment. 


uart, or over PL2303 

# Init volume 

#exec /system/ vendo r/bin/init_volume .sh 


USB serial adapter. 

start init_volume 


• Debug agent (dongle 

# Sets ro.forcestripped based on build.prop or persist.gtv.forcestripped 1 

needed) runs over 

exec /syst em/vendor/biri/init_f orcest ripped.sh 


UART 
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Sony NSZ-GS7/GS8 

• Sony also uses an EMMC Flash making interfacing easier 
o Boot & system are not signed 

• To gain root we rewrite /boot or /system 

o However, the RSA signed init scripts check for certain 
props 

- EX: Check for ro.secure=0, if so, reboot 

o Since we can modify /boot we can remove the 
check 

o Sony also disabled dd, insmod, and some other bits via 
kernel calls 

o Being able to write /system and /boot you can change 
most restrictionsttfltDwiHlHacker.com 40 






Sony NSZ-GS7/GS8 


• SATA HDD 

o Jumpers / caps over 
front points 

o Add SATA connector on 
the back 

o Connect a HDD. Ach, it's 
not being detected! 


But no kernel support for SATA 
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Now What? 



We've got root but we want 
more. 
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Marvell Armada 1500 
Secure Boot Exploit 


Armada 1000 = 88de3010 
Armada 1500 = 88de3100 


May also work on the Armada 100( 
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Marvell Armada 1500 
Secure Boot Exploit 


• Sony NSZ-GS7 

• Netgear NeoTV Prime 

• Vizio Co-Star 

• Hisense Pulse 

• AsusCUBE 

• Sony NSZ-GS8 


LG U+ IPTV 
Google “Berlin” 
ZeroDesktop MiiPC 
Hisense XT780 TV 
Lenovo S31/S61 TV 
TCL Mo Vo 
And Others! 
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Detailed Security Overview 
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Bootloader Messages 




File Edit View Search Terminal Help 


WOL MAC address: 08:60:6e:el:72:f8 

Image3 bootargs: androidboot.console=ttyS0 console=ttyS0,115200 init=/init pxa3xx_nand.use_cache_progr2 
mkbootimg bootargs: androidboot.hardware=asusberlin root=/dev/mtdblock:boot 

Generated bootargs: androidboot.hardware=asusberlin root=/dev/mtdblock:boot androidboot.console=ttyS0 2 
Send bootmode=0 to SM. 

Re[slp00on7d]iIn(gS Mt)o: SsMy.ss..t 

tWea r=m 0uxp0., a 

tByopoet =n o0rxm8a,l cGoTnVt einmta g=e 

x0 0 

[Flash Write]page=0x00005788, buf=0x0069fb2c, size=8192 

[mv_nand_write_lai"ge_page,788] addr=0x0af10000, buf=0x006b0048, oob=0 

[Flash Write]page=0x00005789, buf=0x006al u ''~ ~‘ i - 

[mv_nand_write_la>'ge_page,788] addr=0x0afpi i I 1 i A A1AAAAAA 

fts: record vl97 commited @ 0x00310000 ST HII kOiHO MYM M rlnl'll'll'l 

Start kernel at 0x01008000 JLUI l WZ II \Z \. 0 L vAvlvvUvV/V 

Uncompressing Linux... done, booting the kernel. 

[ 0.000000] Initializing cgroup subsys cpu 

[ 0.000000] Linux version 2.6.35.14 (jason@jason-P43SJ) (gcc version 4.4.5 20100614 (prerelease) (F3 

[ 0.000000] CPU: ARMv7 Processor [562f5841] revision 1 (ARMv7), cr=10c53c7d 

[ 0.000000] CPU: VIPT nonaliasing data cache, VIPT nonaliasing instruction cache 

[ 0.000000] Machine: MV88DE3100 

[ 0.000000] Memory policy: ECC disabled. Data cache writealloc 

[ 0.000000] PERCPU: Embedded 7 pages/cpu @80b38000 s6624 r8192 dl3856 u65536 

[ 0.000000] pcpu-alloc: s6624 r8192 dl3856 u65536 alloc=16*4096 

[ 0.000000] pcpu-alloc: [0] 0 [0] 1 

[ 0.000000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 162560 

[ 0.000000] Kernel command line: androidboot.hardware=asusberlin root=/dev/mtdblock:boot androidboo2 
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Android Kernel Header 


Mkbootimg/ 
booti|rjg.h 


e BOO T_M A GIC "ANDROID! M 

e BOO T_M A GIC_SIZE 8 

#define BOO T_N A M E_SIZE 16 

Adeline BOO T_A RG S_SIZE 512 

struct bool_img_hd r 

unsigned char magic[BOOT_MAGIC_SIZE]; 

unsigned kernel_size; 

unsigned ke rnel_add r; 

unsigned ramdisk_size; 

unsigned ramdisk._add r ; 

unsigned second_size; 

unsigned second_addr; 

unsigned lags_addr; 

unsigned page_size; 

unsigned unused[ 2] ; 

unsigned char name [ BOOT_NAME_SIZE] ; /*** asciiz p roduc i name ** S 

unsigned char c mdline[BOOT_ARGS_SIZE] ; 

unsigned id [ 8 ] ; S'* iimesiamp / checksum / shal / ei c * / 

> ; 

/* 

>*C >K __ 

* * | bool header | 1 page| 

3+C J|C _j_ __(. 

* * | ke rnel | n pages 

3+C )|C _j_ __|_ 

* * | ramdisk | m pages 

3*C 3*C _j_ __(_ 

* * | second siage | o pages 

3*C )*C . __. 


/* 

size in byies 




/* 

physical Toad 

add r 



S'* 

size in byies 




S'* 

physical Toad 

add r * / 



/* 

size in byies 




S'* 

physic al Toad 

add r *•*/ 



S'* 

physic al addr 

for ke rneT 

lags 


S'* 

IT ash page size we assume 



S'* 

lulu re expansion: shouT d 

be O 

*S 


ft 
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Anaroia ivernei + iviv secure 


I kVI 


A 


Kernel Kernel Load 

Android Magic 

00000000 I414E 4452 4F49 442TII20BF 2800110080 00011 1 AHDROID! ( 

00000010 0100110080 flflfllT flflflfl 0000"0000 P00i'|x . 

Ramdisk Size Ramdisk Load Address 


00000040 

2063 

6F6E 

7 3 6F 

6C65 

3 D 2 0 

696E 

6974 

3D2F 

console= init=/ 

00000050 

696E 

6974 

2072 

6F6F 

743D 

2F6 4 

6576 

2F7 2 

init root =/dev/r 

00000060 

616D 

3020 

726F 

6F7 4 

6673 

7479 

7065 

3D65 

amO rootfstype=e 

00000070 

7874 

3420 

7261 

6D64 

6973 

6B5F 

7369 

7A65 

xt4 ramdisk size 

00000080 

3D31 

3034 

3835 

3736 

30301 0000 

OOOO 

0000 

= 104857600 . 

00000090 

oooo 

ooofl 

oooo 

oooo 

0000 

0000 

0000 

0000 


000000A0| 

oooo 

oooo 

oooo 

oooo 

0000 

0000 

0000 

0000 



*********************************** 


00000220 

oooo 

oooo 

oooo 

oooo 

0000 

0000 

0000 

0000 


00000230 

oooo 

oooo 

oooo 

oooo 

0000 

0000 

0000 

0000 


00000240 

0CBD 

754A 

C641 

116E 

183E 

3F95 

AFDC 

8C6 2 

. . u J . A . n . > ? . . . b 

00000250 

0 4CA 

734E 

0000 

0000 

0000 

0000 

0000 

0000 

. . sN. 


Kernel Arguments 
(only for show!) 


000007E0 

000007F0 

00000800 

00000810 

00000820 

00000830 

00000840 

00000850 

00000860 

00000870 

00000880 

00000890 

000008A0 

000008B0 

000008C0 

000008D0 

000008E0 

000008F0 

00000900 

00000910 


8000 0000 QQOQ 0000 | 4248 1003 COOS 4068 


IBC18 7E6 2 2DEO F662 1SD4 D23C 9D48 1618 

p 0000 0800 8000 8000 0000 0080 8000 8000 

0000 0000 0000 0000 0000 0000 0000 0000 

0200 oooo 0280 ooooJ bsto BEFF 7253 1F87I 



I31CB EA9C 8588 8TTTTT 1127 46841 oooo oboolT 


8000 0000 0800 0000 8000 0000 oooo oooo 

0000 0000 0000 0000 0000 0000 9CBE 2800 

"A Ob 3530 E3P1 08IP B7F6 18FA BB40 1E5E| 

8 2 7A 49C5 3 0BA B16C DEO3 6FB5 4462 CED5 

AC78 1064 E25F 6165 E7F5 ACD2 C02A 973E 

6327 0207 9019 B472 06F2 56C9 B5C3 FFAB 

61B4 A6FD EEA4 28B1 EAA7 9364 C012 B1BD 

0F06 6937 BE81 5BDA 6442 29D0 CCE0 C01D 

E232 8070 2706 3868 8ADA 57D5 44D2 E76C 

ROOK FiSPFi 81 FSB 2F7:-i D6 3 0 Eh 0 7 EF9F8 ODFO 


9787 E489 505A 25A7 CC29 1D3E 890A FA08 
6999 F461 E719 1DE9 C41D DD9E F263 2025 
65F1 514E 4784 8F23 8672 77AD FFF1 F445 
EAB2 6FD9 4E56 89EC 7B47 7F9A 5B6D F8CB 



Key Index 

Signature 

Encrypted Data Size 


a.( . . . . d . 

..i 7 ..[.dB).. 

.2 .p'. 8h..¥.D 

./s. 0 . . . 

....PZ^..).>. 

i . . a.c 

e.QNG. . # .rw... 

■:. - rri r y—tc . ■ .. fin 


■RSA 1024 Bit Signature 


■AES-128-CBC Encrypted 
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00000000 

00000010 

00000020 

00000030 

00000040 

00000050 

00000060 

00000070 

00000080 

00000090 

000000A0 

Red 

Black 


A Second Look 


414E 4452 4F49 4421 
7SEP 0100 BOG 8 0 0 001 
0001 0001 0008 0000 
0000 0000 0000 0000 
2063 6F6E 736F 6C65 
696E 6974 2072 6F6F 
616D 3020 726F 6F74 
7874 3420 7261 6D64 
3D31 3034 3835 3736 
0000 0000 0000 0000 
0000 0000 0000 0000 


20BF 2800 0080 0001 
0000 0000 0000 F001 
0000 0000 0000 0000 
0000 0000 0000 0000 
3D20 696E 6974 3D2F 
743D 2F64 6576 2F72 
6673 7479 7065 3D65 
6973 6B5F 7369 7A65 
3030 0000 0000 0000 
0000 0000 0000 0000 
0000 0000 0000 0000 


ANDROID! .(. 

x. 


console= init=/ 
init root =/dev/r 
amO rootfstype=e 
xt4 ramdisk_size 
= 104857600 . 


ylv vlv viv vlv wlv wlv wlv wlv viv wiw wlv wlv viv wlv wlv wlv wlv viv wlv wlv vlv viv vlw wiv wlv vlv wly yly yly wiy vly wlv wly wly vly 

^WN ^1^ rIS ^wN ^WN ^wN rfS ^WN 


= Ramdisk Size 
= Ramdisk Load Address 


You got your Ramdisk in my Kernel! 
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Secure Boot Exploit 


• Note the ramdisk load address 

o Can be modified without breaking kernel signature 

• Allows us to load a "ramdisk" anywhere in memory 

o Ramdisk in this case is a chunk of our own unsigned code 

• Copies in our "ramdisk" at the address specified, and without 
any additional checks, we can run our own unsigned code 
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Area Of Attack (Pseudocode) 

//hard coded load address 
kernel_load_addr = 0x01000800; 

//read kernel from emmc / nand flash to memory 
do_emmc read(kernel_buf, kernel_load_addr); 

//some stuff to parse the header into nice names 

printf( "Kernel image decrypt start now"); 

//start to decrypt and verify, send the image to the security processor 
res = LoadImage(kernel_buf, header_kernel_size); 

printf( "Kernel image decrypt finished"); 

if (res){ 

printf( "Verify Kernel image failed!"); 

return 1 ; 

}else{ 

//copy kernelbuf 

memcpy(kernel_buf, kernel_load_addr, header_kernel_size); 

} 

if (ramdisk_header_size){ 

do_emmcread(ramdisk_buf, header_ramdisk_size); 

memcpy(ramdisk_buf, header_ramdisk_load_addr, header_ramdisk_size); 

} 

printf( "verify Kernel image passed."); 
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New Boot Flow / Memory Map 

New Boot Flow / Memory Map 
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Exploit Process 

* GTVHacker Custom Recovery on Sony NSZ-GS7 
o Sony box has additional security 

o Append a tiny secure image that will validate 
o Normal signed kernel will do 

* Add on our custom Recovery + Kernel (w/ ramdisk) 

o Change Ramdisk size to match our new "ramdisk” 

• Set Ramdisk Load Address: 

■ 0x1008000 - Size of Signed Kernel 

• Our custom Recovery ends up at 0x1008000, and boots! 
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Exploit Process 

Exploit Image Placeholder 
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U-Boot 


• We can also trigger the 
exploit and run uboot 

• ASUS was kind enough 
to GPL parts, and with 
some patches, it runs 

• Load a kernel via TFTP, 
Flash, or USB for 
development 


MBOoDoEt= OnxoOr T 
al GTV image m 
Start kernel at 0x01008000 
raise: Signal # 8 caught 


U-Boot 2010.09-rcl (Jun 03 2013 - 13:49:58) 

Marvell U-boot Version 2.4 for MV88DE3100(B1) ASIC 


I I I I I _ ) _ _ I L 

I I I I_I _W_\/_\|_| 

I l_l I_I l_) I (_) I (_) I l_ 

\ _ / | _ / \ _ / \ _ / \ _ | 

DRAM: 1 GiB 

[mv_nand_chip_init,634] NFC dump register: 

NDTROCS0 = 0x84840al2 
NDTR1CS0 = 0x00208662 
NDREDEL = 0x00000000 
NDSR = 0x00000000 

NDCR = 0x0186dfff 

NDECCCTRL = 0x10000000 
wait bit 00000800 time out! 

Nand flash init error! 

NAND init error, restore back to SPI flash. 

Flash: 16 MiB 
Detecting eMMC ... 

CMD1 Card OCR=0xc0ff8080 SDHC=1 
hardware reset is permanently enabled 
eMMC Indentify done. 

EMMC: CID_SerialNum=llb7001b CardCapacity = 0x40000000 RCA=llb7001b 
env_relocate[514] malloced ENV at 0cb00008 
environment in SPI flash is invalid, 
fail to load enviroment, use default. 

Fail to load environment from eMMC flash. 

macaddr: 00:80:11:11:00:41 

In: serial 

Out : serial 

Err: serial 

MMC: MV_SDI0: 0 

Net: Galois ethO, ethaddr=00:80:11:11:00:41 

ethO 

Hit any key to stop autoboot: 0 

MV88DE3100|> |_ 
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Future Research 

Areas that need more work: 

• Unsigned kernels on Gen 1 (Revue) w/ NTFS exploit 
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Demo 
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Thank You! 



Slide Resources can be found at: 
http://DC21.GTVHacker.com 


WIKI: http://www.GTVHacker . com 

FORUM: 

h ttp://forum.GTVHacker.com 
BLOG: http://bloq.GTVHacker.com 
IRC: irc.freenode.net #GTVHacker 
Follow us on Twitter: 


@GTVHacker 
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